Chef Results is GDPR Ready
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) takes effect. GDPR regulates the governance of personal data for European Union (EU) citizens with an emphasis on data security and privacy. The GDPR not only applies to companies that operate in the EU, but the regulations also impact companies operating outside of the EU if they have any EU based Clients or the personal data of anyone in the EU.
Chef Results has made information security and data privacy principles the foundation of everything we do, and we recognise the importance of passing new regulations to advance information security and data privacy for citizens of the EU. We are firmly committed to GDPR readiness.
In line with the new GDPR we will soon be sending out updated customer contracts which link to our adjusted terms and conditions, which will define our obligations under the GDPR.
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) takes effect. GDPR regulates the governance of personal data for European Union (EU) citizens with an emphasis on data security and privacy. The GDPR does not only apply to companies that operate in the EU. This regulation will also impact companies operating outside of the EU if they have any EU customers or personal data of anyone in the EU.
Chef Results has made information security and data privacy principles the foundation of everything we do, and we recognise the importance of passing regulations to advance information security and data privacy for citizens of the EU. We are firmly committed to GDPR readiness.
How we handle our customers privacy
This document is an overview of how we handle privacy and includes:
- The types of information we collect
- How we collect and use it
- Who we might share it with
- The steps we’ll take to make sure it stays private and secure
- Your rights to your information
Who we are
When we say ‘we’, ‘us’ or ‘our’, we mean Chef Results who is the ‘data processor’ for the information in this overview. When we say ‘you’ or ‘customer’ we mean the candidate or client we are providing services to, which may include employees of the client we are providing services and information provided by the customer who, being a company would have a person responsible as the ‘Data Processor’ who is responsible for deciding how we can use the information we hold. When we say ‘customer data’ this means files and documents owned by the candidate or customer.
The information we collect
We collect information from different places including:
- Directly from our customers and our customers employees
- Directly from our candidates
- From publicly available sources
- When we generate it ourselves
- From other organisations
- From governing bodies such as HMRC
We’ll only collect information in line with relevant regulations and law and this may relate to any of our products or services our customers and candidates enquire about, are able to receive, currently hold or have held in the past.
Our customers and candidate data processor is responsible for making sure our customers give us accurate and up to date information.
The types of data we process
Depending on the Offering chosen by the customer and candidate, we will process on behalf of the customer the following personal data:
- First Name
- Last Name
- Mailing Address
- Email Address
- Business Phone
- Mobile Phone
- Home or personal phone
- Candidate payroll details
- Candidate Cv’s
- Candidate Identification
How we’ll use the information
We’ll use it to provide any services our customer has requested and other purposes including:
- To confirm your identity and address
- To understand how our customers use our services
- To carry out our customers instructions and deliver services
- To improve our services
- To process payments
- To offer other services which we believe may benefit our customers unless you ask us not to.
We’ll only use our customers information where we’re allowed to by law e.g. carrying out an agreement and providing services for our customers, fulfilling a legal obligation, because we have a legitimate business interest or where our customers agree to it.
What we do to ensure our customers information is safe
Any suppliers who we share personally identifiable information with have given their assurance of their commitment to the GDPR and the requirements contained therein.
When choosing new suppliers we look for suppliers who have achieved ISO27001, Cyber Essentials, Privacy Shield or another related certification or that can demonstrate competence and adherence to good privacy and security standards.
A few of the physical measures we take are:
- All devices we use to store information are encrypted,
- Our staff have training in relation to GDPR readiness
- We are supported by data security on our devices and network by a company which are accredited with IASME.
- We are registered with the ICO for Data Protection Reference A8297053 and follow all the stringent rules they apply.
Who we share your information with
We may share our customers information with other companies we work in partnership with. These include carefully selected. Our customers can request a list of the suppliers we use to process personal services. We don’t share our customers information with any parties other than for the provision of services to the customer or to improve our products or services. We apply the same methodology for all our suppliers.
How long we’ll keep information
We’ll keep our customers information and customers data for as long as our customer has a relationship with us. After it ends we’ll keep it for a pre-defined period thereafter and where we may need it for our legitimate purposes e.g. to help us respond to queries or complaints, or for other reasons e.g. fighting fraud, crime, and responding to requests from regulators.
The types of data we keep and how long we keep it:
|Data Type||Summary of what this may contain||Retention period||Reason for retention|
|Client Information||Customers business address, email addresses, passwords, contact details including personal contact details when given.
Customer Contract Agreements and Invoices
|72 months||To comply with laws for keeping contractual agreements and invoicing on file.
We’ll also use the information to inform about new candidates or rates which we feel may help the customer.
|Candidate Data||Cv’s, Temp Pack information to include Bank details, personal addresses, email addresses, contact phone numbers, id, HMRC data, payroll data, pension data,||72 months||We keep the relevant information for Money Laundering purposes and government purposes such as HMRC. Time sheets are stored for the relevance of accounting purposes. we only keep data with the permission of the sender.|
Our customers have rights relating to their information e.g. to see what we hold, to ask us to share it with another party, ask us to update incorrect or incomplete details, to object to or restrict processing of it please email carol@chefresults,.co.uk or contact the person responsible for data as detailed at the bottom of this page.
You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you believe your data has been processed in a way that does not comply with the GDPR. You can do so by calling the ICO helpline on 0303 123 1113 or via their website.
Our contact information
The person responsible for data protection is:
Chef Results Ltd
Tel: 0114 279 5033